Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/NZtGTotXj9rRYop4oFcOLTWsNtU.roa
File:                     NZtGTotXj9rRYop4oFcOLTWsNtU.roa (raw, json)
Hash identifier:          6o3WOILsF2IZzdO9hv4y9Gw4HnY6mzuf0d0Fvs4ZDes=
Subject key identifier:   35:9B:46:4E:8B:57:8F:DA:D1:62:8A:78:A0:57:0E:2D:35:AC:36:D5
Certificate issuer:       /CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
Certificate serial:       018CC7936C250834D0D444FBD7AA8E28FA3A
Authority key identifier: 48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/NZtGTotXj9rRYop4oFcOLTWsNtU.roa
Signing time:             Tue 02 Jan 2024 00:29:36 +0000
ROA not before:           Tue 02 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15681
IP address blocks:        83.150.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:6c:25:08:34:d0:d4:44:fb:d7:aa:8e:28:fa:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
        Validity
            Not Before: Jan  2 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=359b464e8b578fdad1628a78a0570e2d35ac36d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:69:3a:5d:70:a6:4f:ec:ba:89:59:30:a2:f9:
                    c9:a2:8c:5b:10:bc:7b:81:f2:f3:55:2f:32:02:d9:
                    d5:7e:49:d9:44:d2:86:f3:4c:69:2f:66:75:8e:3b:
                    a5:a5:7b:79:f2:77:63:fb:78:43:0c:f5:29:d3:d9:
                    39:b3:3d:8e:09:71:a7:cf:92:f7:34:f5:b3:53:24:
                    5b:cb:08:8c:b9:e2:89:f0:31:56:6d:4c:f6:fe:26:
                    94:cc:e0:e0:8f:3e:2e:9a:dd:77:e1:e9:1e:6a:c4:
                    8e:85:7a:b6:1f:1b:2f:f4:1a:f5:d3:20:9e:be:29:
                    a6:4b:5a:74:a4:03:3b:90:87:66:35:27:26:dd:7c:
                    ec:04:a6:5b:d0:ba:9d:32:64:20:f3:df:63:09:bb:
                    bb:90:8e:12:35:ca:eb:d2:88:7e:8f:17:c0:a7:0e:
                    74:da:d8:e3:36:4f:81:b2:4b:4d:e5:e6:cb:71:62:
                    bf:b0:cf:4f:6d:ca:64:7f:78:cf:61:99:40:b9:6d:
                    ca:4c:d8:dc:00:08:f8:38:a1:f7:56:80:4b:7e:73:
                    84:bf:04:c4:45:23:52:68:0a:84:74:9d:e4:b5:4a:
                    99:2e:eb:de:f3:8a:ee:b8:14:af:49:af:cd:52:d2:
                    9e:a6:96:7f:32:d3:4b:95:b5:82:95:0c:d2:7e:5e:
                    99:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9B:46:4E:8B:57:8F:DA:D1:62:8A:78:A0:57:0E:2D:35:AC:36:D5
            X509v3 Authority Key Identifier:
                keyid:48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/NZtGTotXj9rRYop4oFcOLTWsNtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:d0:ad:8a:23:c1:39:56:1e:14:b0:46:66:e9:90:2c:84:33:
         33:8d:0d:8e:2b:77:05:58:62:f1:4a:00:5d:45:49:68:3a:98:
         36:e2:c7:ab:f8:ec:2c:3c:9f:9a:cc:db:a3:20:e4:13:13:48:
         21:83:82:a7:eb:e6:c5:49:06:1c:01:8a:2c:d8:fb:1d:80:0d:
         76:4c:ec:2e:f2:a7:8c:8c:2b:ef:de:e5:b8:31:20:a5:26:7f:
         79:06:f6:82:3a:35:d1:bb:04:77:bd:60:38:4f:46:8f:1a:0c:
         9d:b5:f6:72:9a:c0:d5:64:1b:41:28:a9:32:64:5d:8a:33:5d:
         d4:88:22:6c:54:1d:c7:35:95:e4:c6:a3:1b:98:bc:3d:9a:db:
         26:9e:b1:71:26:9e:ec:9f:da:5c:b0:e2:46:7e:d9:0a:87:ac:
         15:63:96:b2:9f:f8:81:e4:40:4b:3c:45:77:51:ab:62:5a:f9:
         dc:9c:71:ac:85:8f:bf:0a:cd:db:82:b4:f6:2b:f8:69:d1:26:
         a0:4c:e2:7b:40:0e:26:a7:4e:76:8a:6f:c6:eb:74:b2:96:a0:
         f6:7f:f0:2f:ca:b0:72:1a:c1:e4:d2:c7:08:50:9d:77:f4:a5:
         f2:96:2c:a6:54:8c:9a:54:48:8b:76:50:ea:28:73:43:60:3f:
         87:0d:69:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2wlCDTQ1ET716qOKPo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTQ2OTNiMWRjY2M0OWVlNjYwNWE3ZDMzOWUxZDg0N2Vm
MGFkOGIwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTliNDY0ZThiNTc4ZmRhZDE2MjhhNzhhMDU3MGUyZDM1YWMzNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWk6XXCmT+y6iVkwovnJooxbELx7
gfLzVS8yAtnVfknZRNKG80xpL2Z1jjulpXt58ndj+3hDDPUp09k5sz2OCXGnz5L3
NPWzUyRbywiMueKJ8DFWbUz2/iaUzODgjz4umt134ekeasSOhXq2Hxsv9Br10yCe
vimmS1p0pAM7kIdmNScm3XzsBKZb0LqdMmQg899jCbu7kI4SNcrr0oh+jxfApw50
2tjjNk+BsktN5ebLcWK/sM9Pbcpkf3jPYZlAuW3KTNjcAAj4OKH3VoBLfnOEvwTE
RSNSaAqEdJ3ktUqZLuve84ruuBSvSa/NUtKeppZ/MtNLlbWClQzSfl6ZZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWbRk6LV4/a0WKKeKBXDi01rDbVMB8GA1UdIwQY
MBaAFEikaTsdzMSe5mBafTOeHYR+8K2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4Yjct
YmUzYmI2Y2QyZDUxLzEvTlp0R1RvdFhqOXJSWW9wNG9GY09MVFdzTnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4YjctYmUzYmI2Y2QyZDUx
LzEvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5bQMA0G
CSqGSIb3DQEBCwUAA4IBAQCk0K2KI8E5Vh4UsEZm6ZAshDMzjQ2OK3cFWGLxSgBd
RUloOpg24ser+OwsPJ+azNujIOQTE0ghg4Kn6+bFSQYcAYos2PsdgA12TOwu8qeM
jCvv3uW4MSClJn95BvaCOjXRuwR3vWA4T0aPGgydtfZymsDVZBtBKKkyZF2KM13U
iCJsVB3HNZXkxqMbmLw9mtsmnrFxJp7sn9pcsOJGftkKh6wVY5ayn/iB5EBLPEV3
UatiWvncnHGshY+/Cs3bgrT2K/hp0SagTOJ7QA4mp052im/G63SylqD2f/AvyrBy
GsHk0scIUJ139KXyliymVIyaVEiLdlDqKHNDYD+HDWme
-----END CERTIFICATE-----